The new zero-day vulnerability in Confluence, CVE-2022-26134, affects several Atlassian products, including Confluence Server and Confluence Data Center. After the vulnerability was made public, Barracuda Networks analyzed the available data and found attempts by attackers to exploit it. These attempts range from what is known as ‘benign reconnaissance’ to more complex attempts to infect systems via botnet malware, DDoS and/or cryptominers. The company’s analyses show that the vulnerability has been exploited through a constant flow of attacks over time, with a prominent peak of activity on June 13.
The CVE-2022-26134 vulnerability allows attackers to create new administrative accounts within the tool, exercise administrative permissions, and take control of servers. According to the IP addresses investigated, the attacks and exploitation attempts originated mainly in Russia, the United States, India, the Netherlands and Germany.
Barracuda Networks Warns of Steady Stream of Zero-Day Cyberattacks
As previous research has shown, attacks from North American IP addresses primarily come from cloud services and providers. Similarly, attacks from Germany come from hosting and storage servers.
How to protect yourself
The level of interest in this vulnerability remains constant with occasional spikes, and the company’s researchers expect to see probing and exploitation attempts for some time. Since the interest of cybercriminals is so high, it is important to take steps to protect systems:
Patching: The ideal time to apply patches is now, especially if the system is facing the Internet in some way.
Web Application Firewalls (WAF): Placing a Web Application Firewall in front of these systems adds defense in depth against zero-day attacks and other vulnerabilities.